When the SandboxBrokerPolicyFactory is constructed, prefs aren't
available, which constrains the cached subset of the content process
policy to entries that don't depend on prefs. Delaying the computation
until a content process is started removes that restriction.
(This also delays the reading of dynamic linker configuration to discover
library directories, so a test needs to be adjusted.)
Differential Revision: https://phabricator.services.mozilla.com/D81423
Use `GetFileType(HANDLE)` on Windows.
Unlike `HandleToFilename`, `GetFileType` is fast enough that we don't need to use a `SmallArrayLRUCache` for it.
The pipe I/Os should not be visible anymore in the startup tests.
Differential Revision: https://phabricator.services.mozilla.com/D82303
Caching filenames in 32-entry LRU array covers >95% of calls, and makes the average `Filename()` call 5 to 10 times cheaper.
browser_start_content_mainthreadio.js needed to be updated to handle operations that now have a filename thanks to the cache.
Since `ClearPoisonIOInterposer()` is never called (see bug 1647107), during Firefox shutdown we put LRUCache in a shutdown mode, which bypasses the cache in case it is still used at that time.
Differential Revision: https://phabricator.services.mozilla.com/D79767
Caching filenames in 32-entry LRU array covers >95% of calls, and makes the average `Filename()` call 5 to 10 times cheaper.
browser_start_content_mainthreadio.js needed to be updated to handle operations that now have a filename thanks to the cache.
Differential Revision: https://phabricator.services.mozilla.com/D79767
Add a new extension location in the user profile that Normandy will use to install mozilla signed addons. These are used to update builtin addons, experiments, etc. as well as take over functionality currently supported by Balrog.
Differential Revision: https://phabricator.services.mozilla.com/D70636
For Win32k lockdown, we need to remove the content processes' ability to
call GetICMProfileW(). Since it needs this to retrieve the output color
profile, a new synchronous call is added that allows it to request the
parent process to read this file on its behalf.
The contents of the file are now being cached as well, as this should help
ease some of the increased parent process I/O caused by the children not
being able to do this in their process anymore.
For performance reasons, during launch this information is passed directly
to the child through the SetXPCOMProcessAttributes call
Differential Revision: https://phabricator.services.mozilla.com/D66126
--HG--
extra : moz-landing-system : lando
I'm taking the opportunity to remove isDefaultHandlerApp messaging as the
content-side calls were removed in bug 1353029.
Depends on D59788
Differential Revision: https://phabricator.services.mozilla.com/D59789
--HG--
extra : moz-landing-system : lando
I'm taking the opportunity to remove isDefaultHandlerApp messaging as the
content-side calls were removed in bug 1353029.
Depends on D59788
Differential Revision: https://phabricator.services.mozilla.com/D59789
--HG--
extra : moz-landing-system : lando
This permission manager migration drops the granted origin part of the
permission type.
Differential Revision: https://phabricator.services.mozilla.com/D57494
--HG--
extra : moz-landing-system : lando
This permission manager migration drops the granted origin part of the
permission type.
Differential Revision: https://phabricator.services.mozilla.com/D57494
--HG--
extra : moz-landing-system : lando
Probably caused by Bug 1577803, which is a good change, so updating the tests.
Differential Revision: https://phabricator.services.mozilla.com/D53050
--HG--
extra : moz-landing-system : lando
Finally, let's move the actual IO away from the main thread.
This means there are now 3 ways of looking for plugins:
1. looking for changes from ReloadPlugins. This runs the PluginFinder runnable
on the main thread.
2. loading plugins from LoadPlugins. This will:
a) first check prefs and report the flash plugin based on that information,
if the prefs indicate it exists (using the callback provided by
nsPluginHost).
b) then hopefully dispatch to a background thread, where it will read
pluginreg.dat, scan the appropriate folders on disk, and see if
anything changed. Once done, it sets mFinishedFinding to true and
re-dispatches itself to the main thread.
c) then on the main thread, it reports any changes to nsPluginHost.
3. if dispatching in 2(b) fails, we will run steps (b) and (c) on the main
thread.
Note: if ReloadPlugins is called, we intiially do (1), but if we find
changes, we clear out the set of known plugins and then run LoadPlugins
again (meaning we go through 2 (or 3 if 2(b) fails)). This is how
reloading plugins worked prior to my changes and I've attempted not to
change it.
In order for this to work, there are some other changes in this commit:
- the sandbox prefs are being read "early" and cached for flash vs
"everything else". We can't access prefs on non-main threads without
using StaticPrefs, which doesn't seem worth it here.
- some of the plugin tag classes are moved to threadsafe refcounting.
This is a bit unfortunate, but because they're instantiated on a non-
mainthread, and then later used on the main thread, despite the
fact that the architecture means nothing tries to touch them from
more than one thread at once, without threadsafe refcounting we hit
asserts in debug mode if we add references to them back on the main thread.
- we add shutdown blocking for pluginfinding. We don't really want to
be halfway through finding plugins and then trying to shut them down,
or re-instantiating plugins after they've been unloaded.
- we keep a reference to the "pending" pluginfinder instance while
doing lookups away from the main thread (ie (2)), to avoid re-entrancy or
trying to write to pluginreg while we're reading it somewhere else,
etc. If there's an attempt to do more plugin finding while this is
ongoing, we flip mDoReloadOnceFindingFinished and do a reload once
our initial lookups are complete.
Depends on D48331
Differential Revision: https://phabricator.services.mozilla.com/D48332
--HG--
extra : moz-landing-system : lando
In this change we:
- stop treating the nsPluginDirServiceProvider as a directory provider, as its
GetFile implementation was a no-op anyway - registering it didn't make any
difference.
- stop treating it as a class entirely, because the PLID getters were already
static, so instantiating it also didn't do anything.
- move IO from the plugin directory list provider and the Windows-only PLID
getters into nsPluginHost. This enables us to move it off of the main thread
later - the directory getting has to happen on the main thread, but we can
postpone further checks on the nsIFile instances.
- in the process, stop doing exists() calls on files because we can fail more
lazily. This allows us to remove more allowlist entries from
browser_startup_mainthreadio, though the `isDirectory` calls will actually
still cause IO - they don't seem to create IO markers in the profiler.
We will move this IO away from the main thread in subsequent commits.
Depends on D48328
Differential Revision: https://phabricator.services.mozilla.com/D48329
--HG--
extra : moz-landing-system : lando
Finally, let's move the actual IO away from the main thread.
This means there are now 3 ways of looking for plugins:
1. looking for changes from ReloadPlugins. This runs the PluginFinder runnable
on the main thread.
2. loading plugins from LoadPlugins. This will:
a) first check prefs and report the flash plugin based on that information,
if the prefs indicate it exists (using the callback provided by
nsPluginHost).
b) then hopefully dispatch to a background thread, where it will read
pluginreg.dat, scan the appropriate folders on disk, and see if
anything changed. Once done, it sets mFinishedFinding to true and
re-dispatches itself to the main thread.
c) then on the main thread, it reports any changes to nsPluginHost.
3. if dispatching in 2(b) fails, we will run steps (b) and (c) on the main
thread.
Note: if ReloadPlugins is called, we intiially do (1), but if we find
changes, we clear out the set of known plugins and then run LoadPlugins
again (meaning we go through 2 (or 3 if 2(b) fails)). This is how
reloading plugins worked prior to my changes and I've attempted not to
change it.
In order for this to work, there are some other changes in this commit:
- the sandbox prefs are being read "early" and cached for flash vs
"everything else". We can't access prefs on non-main threads without
using StaticPrefs, which doesn't seem worth it here.
- some of the plugin tag classes are moved to threadsafe refcounting.
This is a bit unfortunate, but because they're instantiated on a non-
mainthread, and then later used on the main thread, despite the
fact that the architecture means nothing tries to touch them from
more than one thread at once, without threadsafe refcounting we hit
asserts in debug mode if we add references to them back on the main thread.
- we add shutdown blocking for pluginfinding. We don't really want to
be halfway through finding plugins and then trying to shut them down,
or re-instantiating plugins after they've been unloaded.
- we keep a reference to the "pending" pluginfinder instance while
doing lookups away from the main thread (ie (2)), to avoid re-entrancy or
trying to write to pluginreg while we're reading it somewhere else,
etc. If there's an attempt to do more plugin finding while this is
ongoing, we flip mDoReloadOnceFindingFinished and do a reload once
our initial lookups are complete.
Depends on D48331
Differential Revision: https://phabricator.services.mozilla.com/D48332
--HG--
extra : moz-landing-system : lando
In this change we:
- stop treating the nsPluginDirServiceProvider as a directory provider, as its
GetFile implementation was a no-op anyway - registering it didn't make any
difference.
- stop treating it as a class entirely, because the PLID getters were already
static, so instantiating it also didn't do anything.
- move IO from the plugin directory list provider and the Windows-only PLID
getters into nsPluginHost. This enables us to move it off of the main thread
later - the directory getting has to happen on the main thread, but we can
postpone further checks on the nsIFile instances.
- in the process, stop doing exists() calls on files because we can fail more
lazily. This allows us to remove more allowlist entries from
browser_startup_mainthreadio, though the `isDirectory` calls will actually
still cause IO - they don't seem to create IO markers in the profiler.
We will move this IO away from the main thread in subsequent commits.
Depends on D48328
Differential Revision: https://phabricator.services.mozilla.com/D48329
--HG--
extra : moz-landing-system : lando
This Change removes all call to Exists() in Directory Provider component, which creates the possibility for the componenet to return an empty list. SearchService.jsm is modified to handle this possibility.
Differential Revision: https://phabricator.services.mozilla.com/D42772
--HG--
extra : moz-landing-system : lando
This Change removes all call to Exists() in Directory Provider component, which creates the possibility for the componenet to return an empty list. SearchService.jsm is modified to handle this possibility.
Differential Revision: https://phabricator.services.mozilla.com/D42772
--HG--
extra : moz-landing-system : lando
Corroborator.jsm no longer causes file I/O on early startup before user input is possible.
Depends on D41693
Differential Revision: https://phabricator.services.mozilla.com/D42585
--HG--
extra : moz-landing-system : lando
With the removal of the old Chromium file_util code, we should no longer
be using temporary files with names starting with "org.chromium.", so the
crash reporter and main thread I/O test no longer need to recognize that
prefix.
Differential Revision: https://phabricator.services.mozilla.com/D34629
--HG--
extra : moz-landing-system : lando
The tests for unexpected main thread I/O had exemptions for the specific
paths that were being used for shared memory, which would cause it to
fail with the changes in this bug. This patch does two things:
1. On Linux, /dev/shm is always tmpfs (a memory filesystem), so it's not
going to cause disk I/O, and it's used by glibc to implement the POSIX
standard shm_open API. This allows all /dev/shm paths instead of
limiting it to a hard-coded prefix.
2. On MacOS, with the patches in this bug, we'll no longer use temporary
files for shared memory on current OS versions, but we still need them on
older versions to avoid an OS bug (https://crbug.com/project-zero/1671),
and they are backed by disk in this case, so we want to allow only the
IPC files. However, the path prefix has changed.
Differential Revision: https://phabricator.services.mozilla.com/D34628
--HG--
extra : moz-landing-system : lando
XPIState.getModTime() was setting a .changed property that nothing ever
looks at. It also sets lastModifiedTime which is used from about:addons
but built-in addons aren't visible there so there's no point setting it
for them.
Differential Revision: https://phabricator.services.mozilla.com/D39061
--HG--
extra : moz-landing-system : lando
This provides a set of promises that the searchservice resolves once the search engine has been configured
Differential Revision: https://phabricator.services.mozilla.com/D33660
--HG--
extra : moz-landing-system : lando
This provides a set of promises that the searchservice resolves once the search engine has been configured
Differential Revision: https://phabricator.services.mozilla.com/D33660
--HG--
extra : moz-landing-system : lando
